CVE-2025-9120

Improper Control of Generation of Code ('Code Injection') vulnerability in OpenText™ Carbonite Safe Server Backup allows Code Injection. 

The vulnerability could be exploited through an open port, potentially allowing unauthorized access.

This issue affects Carbonite Safe Server Backup: through 6.8.3.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://support.carbonite.com/articles/Security-Bulletin-for-Carbonite-Safe-Server-Backup-09-12-2025